[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] malware and tool
Agreed. That’s been my concern with this proposal, but assuming we have clear guidance I think it’s workable. I don’t think it really matters what the actual line is, just that we define
the line very clearly so that we don’t end up with inconsistencies. For example, let’s figure out where to bin “penetration testing” tools: -
NMAP -
LOIC -
sqlmap -
metasploit John From:
<cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com> I support this with the caveat that we must issue clear guidance in the normative text as to what the definition / distinction is between "malware" and "tool", so that vendors can use this when creating their solutions.
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]